Integrity Software

Archived News Article

Do Vendors Use Software Audits to Scare Up New Contracts?

By Art Jahnke

At their best, software audits, during which vendors check a customer’s network for unlicensed users, are legitimate procedures that let software companies conduct the kind of due diligence that their business demands. After all, licensing agreements are complicated documents whose restrictions could be misunderstood, either innocently or not so innocently. But at their worst, software audits can be intimidating confrontations that give vendors an opportunity to strong-arm users—all in the name of compliance—into signing licensing deals that benefit the vendor, not the user. How intimidating are the auditors? Here is a sentence from a letter sent to IT managers by the Business Software Alliance, an organization that helps Microsoft and other large software companies ferret out unlicensed software: “The penalties for copyright infringement are serious—sometimes totaling hundreds of thousands of dollars—and in this economy, can your business afford that risk?”

For years, relatively impartial observers such as Gartner have been advising software users to remain cool in the face of such audit threats. In May 2001, a Gartner research note reported that “in many cases, we have heard of audits being threatened as a sales tactic when Enterprise Agreements are being evaluated.” And last year, a Gartner advisory called “Surviving a Software Vendor Audit” warned that “Many vendors will try intimidation to force you to buy licenses.”

Here at CIO.com, we’ve heard similar things from IT executives: audits are often understood to be the stick held by vendors, and signing on the dotted line of a continued Enterprise Agreement is the best way to avoid a sound beating. As the Business Software Alliance reminds us, times are tough. But if what we hear is true, the business practices of some of the world’s biggest software companies are even tougher.

Could it be true? Do vendors use threats of software audits to persuade users to sign new Enterprise Agreements? Tell us your story.

Speaking as a vendor, the most difficult proposition in terms of effectively managing a customer relationship is to insist upon an audit. It is absolutely the option of last resort, and never to be considered as a "tactic" unless there is significant evidence that a client is out of compliance.

Personally, I have only been involved in one such audit, when literally hundreds of licenses were being used above and beyond the designated terms. In this instance, I had just taken a sales job with a software firm, and upon my arrival, was asked to oversee a quiet audit of a major partner. I did so with tact and caution, as both my firm and the client were involved in a worldwide alliance responsible for hundreds of millions in revenue, and enjoyed an open and friendly relationship.

Following a thorough assessment, and with the help and guidance of a teammate with a long history at the account, I found both firms were at fault - by not keeping an accurate record of the licenses issued. At the end of the day, my firm was given over $1 million by the client to cover the software costs and all related debt. However, this included a discount to the client that came in at $3 million plus, which was granted to preserve the relationship and create a "win-win" for both parties.

As a vendor, you could postulate that the audit resulted in a million-dollar award. Or that too much money was left on the table. And the client could conclude that the discount was worth the trouble. Regardless of the outcome, careers were damaged. Both firms had to face significant turmoil. The alliance was placed in jeopardy. And if better records were kept by both organizations, embarrassment could have been avoided, and everyone would have been happier at the end of the day.

Again, when an audit is used as a sales tactic, that action calls trust into question on both sides, sends political tremors up to the C-level, and causes near-fatal damage to customer loyalty. The remedy – keep an accurate record of all software issued or received.

The nastier and more aggressive software vendors get with audits, the more Linux will be used. They will therefore be digging their own graves.

There are several items to be concerned about when facing an audit from a software publisher. Software Licenses are permissive documents - they explain what you are permitted to do. Anything else is not permitted. Most licenses have a clause that gives them the right to audit your system for compliance. In all cases of non-compliance the real issue is keeping your "proof of purchase". If you cannot provide a document proving that you purchased the license, that the vendor considers valid, then in all likelihood they consider that a breach of the license. I also take issue with Mark Zorro's comment that the auditors are not going after those that are poor managers. That is exactly who the BSA and SIIA and the software "Swat Teams" are going after. They leave the big counterfeiters to the FBI and other government agencies. I am personally aware of a small company with 18 PCs that was fined approximately $50,000 (their total costs exceeded $170,000) by a compliance agency. They were not actual criminals. They upgraded most of the office PCs that had a CAD system using dongles. They failed to delete the software when they moved the old PCs to the shop floor. Since the dongles were only used on the new office machines, they felt that they were ok. Surprise when an ex-employee turned them in to the compliance agency and they were found in violation of the license agreement terms. Another small firm had similar fines and extra costs, but their problem was poor management. They were sure they had done nothing wrong, but did not keep accurate records (credit card and cash receipts thrown away, decentralised purchasing, etc.). Are the audits wrong? NO. Should companies keep better track? YES. By the way, knowing what you have, where it is, what versions, and so forth actually saves money. Implementing a total hardware and software information technology asset management plan (ITAM) is a quick ROI.